Getting an SSL certificate from any of the major Certificate Authorities (CAs) can run $100 and up. Add news stories suggesting that not all of the established CAs can be trusted 100% of the time, and you might decide to sidestep the uncertainty and erase the cost by being your own Certificate Authority.


Steps

Part 1 of 4: Creating your CA Certificate

1. Generate your CA's private key by issuing the following command:

openssl genrsa -des3 -out server.CA.key 2048

The options explained:

openssl - the name of the software

genrsa - creates a new private key

-des3 - encrypt the key using the Triple DES (3DES) cipher; openssl prompts for a passphrase to protect the key

-out server.CA.key - the name of your new key

2048 - the length, in bits, of the private key (Please see the warnings)
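The key generation from step 1, run without the interactive prompt and then checked, as an added example that is not part of the original article. It assumes the passphrase is in an exported environment variable named CA_KEY_PASS; that name and the helper names make_ca_key and check_ca_key are hypothetical. The minimum key size is a parameter so the guidance in the Warnings section can be enforced.

```bash
# Added example, not from the original article.
# Assumption: the passphrase is in the exported variable CA_KEY_PASS (hypothetical name).

# make_ca_key FILE [BITS] - the command from step 1, without the passphrase prompt.
make_ca_key() {
    local out="$1" bits="${2:-2048}"
    if [ -z "${CA_KEY_PASS:-}" ]; then echo "CA_KEY_PASS is not set" >&2; return 2; fi
    if [ -e "$out" ]; then echo "refusing to overwrite $out" >&2; return 2; fi
    # umask 077 in a subshell: the key file is never readable by group or other.
    # stderr is discarded only to hide openssl's progress dots; the exit status is kept.
    ( umask 077 && openssl genrsa -des3 -passout env:CA_KEY_PASS \
        -out "$out" "$bits" ) 2>/dev/null
}

# check_ca_key FILE MIN_BITS - succeed only if the key is passphrase-protected,
# private to its owner, and at least MIN_BITS long.
check_ca_key() {
    local key="$1" min_bits="$2" bits mode
    # 1. Encrypted PEM: the traditional format carries "Proc-Type: 4,ENCRYPTED",
    #    PKCS#8 output uses "BEGIN ENCRYPTED PRIVATE KEY".
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key" ||
        { echo "key is not encrypted" >&2; return 1; }
    # 2. File mode: no group or other permission bits (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode is too open" >&2; return 1 ;;
    esac
    # 3. Key size, as reported by openssl after decrypting with the passphrase.
    bits=$(openssl rsa -in "$key" -passin env:CA_KEY_PASS -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
    if [ -z "$bits" ]; then echo "cannot decrypt or parse key" >&2; return 1; fi
    if [ "$bits" -lt "$min_bits" ]; then
        echo "$bits-bit key is below the required $min_bits bits" >&2; return 1
    fi
}

# Usage: export CA_KEY_PASS, then
#   make_ca_key server.CA.key 2048 && check_ca_key server.CA.key 2048
```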


Warnings

By default, most modern browsers will show an "Untrusted certificate" warning when someone visits your site, because your own CA is not in their list of trusted authorities. There has been much debate over the wording of these warnings, as non-technical users can be caught off-guard. It's often best to use a major authority so users do not get the warnings.

1024-bit keys are considered to be obsolete. 2048-bit keys are considered to be secure for user certificates until 2030, but are considered insufficient for root certificates. Consider these vulnerabilities as you create your certificates.

Tips

You can vary the contents of PEM keys by issuing the following command: